| 1 | /* $NetBSD: smtpd.c,v 1.16 2018/02/01 03:32:00 christos Exp $ */ |
| 2 | |
| 3 | /*++ |
| 4 | /* NAME |
| 5 | /* smtpd 8 |
| 6 | /* SUMMARY |
| 7 | /* Postfix SMTP server |
| 8 | /* SYNOPSIS |
| 9 | /* \fBsmtpd\fR [generic Postfix daemon options] |
| 10 | /* |
| 11 | /* \fBsendmail -bs\fR |
| 12 | /* DESCRIPTION |
| 13 | /* The SMTP server accepts network connection requests |
| 14 | /* and performs zero or more SMTP transactions per connection. |
| 15 | /* Each received message is piped through the \fBcleanup\fR(8) |
| 16 | /* daemon, and is placed into the \fBincoming\fR queue as one |
| 17 | /* single queue file. For this mode of operation, the program |
| 18 | /* expects to be run from the \fBmaster\fR(8) process manager. |
| 19 | /* |
| 20 | /* Alternatively, the SMTP server can be run in stand-alone |
| 21 | /* mode; this is traditionally obtained with "\fBsendmail |
| 22 | /* -bs\fR". When the SMTP server runs stand-alone with non |
| 23 | /* $\fBmail_owner\fR privileges, it receives mail even while |
| 24 | /* the mail system is not running, deposits messages directly |
| 25 | /* into the \fBmaildrop\fR queue, and disables the SMTP server's |
| 26 | /* access policies. As of Postfix version 2.3, the SMTP server |
| 27 | /* refuses to receive mail from the network when it runs with |
| 28 | /* non $\fBmail_owner\fR privileges. |
| 29 | /* |
| 30 | /* The SMTP server implements a variety of policies for connection |
| 31 | /* requests, and for parameters given to \fBHELO, ETRN, MAIL FROM, VRFY\fR |
| 32 | /* and \fBRCPT TO\fR commands. They are detailed below and in the |
| 33 | /* \fBmain.cf\fR configuration file. |
| 34 | /* SECURITY |
| 35 | /* .ad |
| 36 | /* .fi |
| 37 | /* The SMTP server is moderately security-sensitive. It talks to SMTP |
| 38 | /* clients and to DNS servers on the network. The SMTP server can be |
| 39 | /* run chrooted at fixed low privilege. |
| 40 | /* STANDARDS |
| 41 | /* RFC 821 (SMTP protocol) |
| 42 | /* RFC 1123 (Host requirements) |
| 43 | /* RFC 1652 (8bit-MIME transport) |
| 44 | /* RFC 1869 (SMTP service extensions) |
| 45 | /* RFC 1870 (Message size declaration) |
| 46 | /* RFC 1985 (ETRN command) |
| 47 | /* RFC 2034 (SMTP enhanced status codes) |
| 48 | /* RFC 2554 (AUTH command) |
| 49 | /* RFC 2821 (SMTP protocol) |
| 50 | /* RFC 2920 (SMTP pipelining) |
| 51 | /* RFC 3207 (STARTTLS command) |
| 52 | /* RFC 3461 (SMTP DSN extension) |
| 53 | /* RFC 3463 (Enhanced status codes) |
| 54 | /* RFC 3848 (ESMTP transmission types) |
| 55 | /* RFC 4409 (Message submission) |
| 56 | /* RFC 4954 (AUTH command) |
| 57 | /* RFC 5321 (SMTP protocol) |
| 58 | /* RFC 6531 (Internationalized SMTP) |
| 59 | /* RFC 6533 (Internationalized Delivery Status Notifications) |
| 60 | /* RFC 7505 ("Null MX" No Service Resource Record) |
| 61 | /* DIAGNOSTICS |
| 62 | /* Problems and transactions are logged to \fBsyslogd\fR(8). |
| 63 | /* |
| 64 | /* Depending on the setting of the \fBnotify_classes\fR parameter, |
| 65 | /* the postmaster is notified of bounces, protocol problems, |
| 66 | /* policy violations, and of other trouble. |
| 67 | /* CONFIGURATION PARAMETERS |
| 68 | /* .ad |
| 69 | /* .fi |
| 70 | /* Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtpd\fR(8) |
| 71 | /* processes run for only a limited amount of time. Use the command |
| 72 | /* "\fBpostfix reload\fR" to speed up a change. |
| 73 | /* |
| 74 | /* The text below provides only a parameter summary. See |
| 75 | /* \fBpostconf\fR(5) for more details including examples. |
| 76 | /* COMPATIBILITY CONTROLS |
| 77 | /* .ad |
| 78 | /* .fi |
| 79 | /* The following parameters work around implementation errors in other |
| 80 | /* software, and/or allow you to override standards in order to prevent |
| 81 | /* undesirable use. |
| 82 | /* .ad |
| 83 | /* .fi |
| 84 | /* .IP "\fBbroken_sasl_auth_clients (no)\fR" |
| 85 | /* Enable interoperability with remote SMTP clients that implement an obsolete |
| 86 | /* version of the AUTH command (RFC 4954). |
| 87 | /* .IP "\fBdisable_vrfy_command (no)\fR" |
| 88 | /* Disable the SMTP VRFY command. |
| 89 | /* .IP "\fBsmtpd_noop_commands (empty)\fR" |
| 90 | /* List of commands that the Postfix SMTP server replies to with "250 |
| 91 | /* Ok", without doing any syntax checks and without changing state. |
| 92 | /* .IP "\fBstrict_rfc821_envelopes (no)\fR" |
| 93 | /* Require that addresses received in SMTP MAIL FROM and RCPT TO |
| 94 | /* commands are enclosed with <>, and that those addresses do |
| 95 | /* not contain RFC 822 style comments or phrases. |
| 96 | /* .PP |
| 97 | /* Available in Postfix version 2.1 and later: |
| 98 | /* .IP "\fBsmtpd_reject_unlisted_sender (no)\fR" |
| 99 | /* Request that the Postfix SMTP server rejects mail from unknown |
| 100 | /* sender addresses, even when no explicit reject_unlisted_sender |
| 101 | /* access restriction is specified. |
| 102 | /* .IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR" |
| 103 | /* What remote SMTP clients the Postfix SMTP server will not offer |
| 104 | /* AUTH support to. |
| 105 | /* .PP |
| 106 | /* Available in Postfix version 2.2 and later: |
| 107 | /* .IP "\fBsmtpd_discard_ehlo_keyword_address_maps (empty)\fR" |
| 108 | /* Lookup tables, indexed by the remote SMTP client address, with |
| 109 | /* case insensitive lists of EHLO keywords (pipelining, starttls, auth, |
| 110 | /* etc.) that the Postfix SMTP server will not send in the EHLO response |
| 111 | /* to a |
| 112 | /* remote SMTP client. |
| 113 | /* .IP "\fBsmtpd_discard_ehlo_keywords (empty)\fR" |
| 114 | /* A case insensitive list of EHLO keywords (pipelining, starttls, |
| 115 | /* auth, etc.) that the Postfix SMTP server will not send in the EHLO |
| 116 | /* response |
| 117 | /* to a remote SMTP client. |
| 118 | /* .IP "\fBsmtpd_delay_open_until_valid_rcpt (yes)\fR" |
| 119 | /* Postpone the start of an SMTP mail transaction until a valid |
| 120 | /* RCPT TO command is received. |
| 121 | /* .PP |
| 122 | /* Available in Postfix version 2.3 and later: |
| 123 | /* .IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR" |
| 124 | /* Force the Postfix SMTP server to issue a TLS session id, even |
| 125 | /* when TLS session caching is turned off (smtpd_tls_session_cache_database |
| 126 | /* is empty). |
| 127 | /* .PP |
| 128 | /* Available in Postfix version 2.6 and later: |
| 129 | /* .IP "\fBtcp_windowsize (0)\fR" |
| 130 | /* An optional workaround for routers that break TCP window scaling. |
| 131 | /* .PP |
| 132 | /* Available in Postfix version 2.7 and later: |
| 133 | /* .IP "\fBsmtpd_command_filter (empty)\fR" |
| 134 | /* A mechanism to transform commands from remote SMTP clients. |
| 135 | /* .PP |
| 136 | /* Available in Postfix version 2.9 and later: |
| 137 | /* .IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR" |
| 138 | /* Change the behavior of the smtpd_timeout and smtpd_starttls_timeout |
| 139 | /* time limits, from a |
| 140 | /* time limit per read or write system call, to a time limit to send |
| 141 | /* or receive a complete record (an SMTP command line, SMTP response |
| 142 | /* line, SMTP message content line, or TLS protocol message). |
| 143 | /* .PP |
| 144 | /* Available in Postfix version 3.0 and later: |
| 145 | /* .IP "\fBsmtpd_dns_reply_filter (empty)\fR" |
| 146 | /* Optional filter for Postfix SMTP server DNS lookup results. |
| 147 | /* ADDRESS REWRITING CONTROLS |
| 148 | /* .ad |
| 149 | /* .fi |
| 150 | /* See the ADDRESS_REWRITING_README document for a detailed |
| 151 | /* discussion of Postfix address rewriting. |
| 152 | /* .IP "\fBreceive_override_options (empty)\fR" |
| 153 | /* Enable or disable recipient validation, built-in content |
| 154 | /* filtering, or address mapping. |
| 155 | /* .PP |
| 156 | /* Available in Postfix version 2.2 and later: |
| 157 | /* .IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR" |
| 158 | /* Rewrite message header addresses in mail from these clients and |
| 159 | /* update incomplete addresses with the domain name in $myorigin or |
| 160 | /* $mydomain; either don't rewrite message headers from other clients |
| 161 | /* at all, or rewrite message headers and update incomplete addresses |
| 162 | /* with the domain specified in the remote_header_rewrite_domain |
| 163 | /* parameter. |
| 164 | /* BEFORE-SMTPD PROXY AGENT |
| 165 | /* .ad |
| 166 | /* .fi |
| 167 | /* Available in Postfix version 2.10 and later: |
| 168 | /* .IP "\fBsmtpd_upstream_proxy_protocol (empty)\fR" |
| 169 | /* The name of the proxy protocol used by an optional before-smtpd |
| 170 | /* proxy agent. |
| 171 | /* .IP "\fBsmtpd_upstream_proxy_timeout (5s)\fR" |
| 172 | /* The time limit for the proxy protocol specified with the |
| 173 | /* smtpd_upstream_proxy_protocol parameter. |
| 174 | /* AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS |
| 175 | /* .ad |
| 176 | /* .fi |
| 177 | /* As of version 1.0, Postfix can be configured to send new mail to |
| 178 | /* an external content filter AFTER the mail is queued. This content |
| 179 | /* filter is expected to inject mail back into a (Postfix or other) |
| 180 | /* MTA for further delivery. See the FILTER_README document for details. |
| 181 | /* .IP "\fBcontent_filter (empty)\fR" |
| 182 | /* After the message is queued, send the entire message to the |
| 183 | /* specified \fItransport:destination\fR. |
| 184 | /* BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS |
| 185 | /* .ad |
| 186 | /* .fi |
| 187 | /* As of version 2.1, the Postfix SMTP server can be configured |
| 188 | /* to send incoming mail to a real-time SMTP-based content filter |
| 189 | /* BEFORE mail is queued. This content filter is expected to inject |
| 190 | /* mail back into Postfix. See the SMTPD_PROXY_README document for |
| 191 | /* details on how to configure and operate this feature. |
| 192 | /* .IP "\fBsmtpd_proxy_filter (empty)\fR" |
| 193 | /* The hostname and TCP port of the mail filtering proxy server. |
| 194 | /* .IP "\fBsmtpd_proxy_ehlo ($myhostname)\fR" |
| 195 | /* How the Postfix SMTP server announces itself to the proxy filter. |
| 196 | /* .IP "\fBsmtpd_proxy_options (empty)\fR" |
| 197 | /* List of options that control how the Postfix SMTP server |
| 198 | /* communicates with a before-queue content filter. |
| 199 | /* .IP "\fBsmtpd_proxy_timeout (100s)\fR" |
| 200 | /* The time limit for connecting to a proxy filter and for sending or |
| 201 | /* receiving information. |
| 202 | /* BEFORE QUEUE MILTER CONTROLS |
| 203 | /* .ad |
| 204 | /* .fi |
| 205 | /* As of version 2.3, Postfix supports the Sendmail version 8 |
| 206 | /* Milter (mail filter) protocol. These content filters run |
| 207 | /* outside Postfix. They can inspect the SMTP command stream |
| 208 | /* and the message content, and can request modifications before |
| 209 | /* mail is queued. For details see the MILTER_README document. |
| 210 | /* .IP "\fBsmtpd_milters (empty)\fR" |
| 211 | /* A list of Milter (mail filter) applications for new mail that |
| 212 | /* arrives via the Postfix \fBsmtpd\fR(8) server. |
| 213 | /* .IP "\fBmilter_protocol (6)\fR" |
| 214 | /* The mail filter protocol version and optional protocol extensions |
| 215 | /* for communication with a Milter application; prior to Postfix 2.6 |
| 216 | /* the default protocol is 2. |
| 217 | /* .IP "\fBmilter_default_action (tempfail)\fR" |
| 218 | /* The default action when a Milter (mail filter) application is |
| 219 | /* unavailable or mis-configured. |
| 220 | /* .IP "\fBmilter_macro_daemon_name ($myhostname)\fR" |
| 221 | /* The {daemon_name} macro value for Milter (mail filter) applications. |
| 222 | /* .IP "\fBmilter_macro_v ($mail_name $mail_version)\fR" |
| 223 | /* The {v} macro value for Milter (mail filter) applications. |
| 224 | /* .IP "\fBmilter_connect_timeout (30s)\fR" |
| 225 | /* The time limit for connecting to a Milter (mail filter) |
| 226 | /* application, and for negotiating protocol options. |
| 227 | /* .IP "\fBmilter_command_timeout (30s)\fR" |
| 228 | /* The time limit for sending an SMTP command to a Milter (mail |
| 229 | /* filter) application, and for receiving the response. |
| 230 | /* .IP "\fBmilter_content_timeout (300s)\fR" |
| 231 | /* The time limit for sending message content to a Milter (mail |
| 232 | /* filter) application, and for receiving the response. |
| 233 | /* .IP "\fBmilter_connect_macros (see 'postconf -d' output)\fR" |
| 234 | /* The macros that are sent to Milter (mail filter) applications |
| 235 | /* after completion of an SMTP connection. |
| 236 | /* .IP "\fBmilter_helo_macros (see 'postconf -d' output)\fR" |
| 237 | /* The macros that are sent to Milter (mail filter) applications |
| 238 | /* after the SMTP HELO or EHLO command. |
| 239 | /* .IP "\fBmilter_mail_macros (see 'postconf -d' output)\fR" |
| 240 | /* The macros that are sent to Milter (mail filter) applications |
| 241 | /* after the SMTP MAIL FROM command. |
| 242 | /* .IP "\fBmilter_rcpt_macros (see 'postconf -d' output)\fR" |
| 243 | /* The macros that are sent to Milter (mail filter) applications |
| 244 | /* after the SMTP RCPT TO command. |
| 245 | /* .IP "\fBmilter_data_macros (see 'postconf -d' output)\fR" |
| 246 | /* The macros that are sent to version 4 or higher Milter (mail |
| 247 | /* filter) applications after the SMTP DATA command. |
| 248 | /* .IP "\fBmilter_unknown_command_macros (see 'postconf -d' output)\fR" |
| 249 | /* The macros that are sent to version 3 or higher Milter (mail |
| 250 | /* filter) applications after an unknown SMTP command. |
| 251 | /* .IP "\fBmilter_end_of_header_macros (see 'postconf -d' output)\fR" |
| 252 | /* The macros that are sent to Milter (mail filter) applications |
| 253 | /* after the end of the message header. |
| 254 | |
|---|